International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Risky Translations: Securing TLBs against Timing Side Channels

Authors:
Florian Stolz , Ruhr University Bochum, Horst Görtz Institute for IT Security, Bochum, Germany
Jan Philipp Thoma , Ruhr University Bochum, Horst Görtz Institute for IT Security, Bochum, Germany
Pascal Sasdrich , Ruhr University Bochum, Horst Görtz Institute for IT Security, Bochum, Germany
Tim Güneysu , Ruhr University Bochum, Horst Görtz Institute for IT Security, Bochum, Germany; DFKI GmbH, Cyber-Physical Systems, Bremen, Germany
Download:
DOI: 10.46586/tches.v2023.i1.1-31
URL: https://tches.iacr.org/index.php/TCHES/article/view/9945
Search ePrint
Search Google
Abstract: Microarchitectural side-channel vulnerabilities in modern processors are known to be a powerful attack vector that can be utilized to bypass common security boundaries like memory isolation. As shown by recent variants of transient execution attacks related to Spectre and Meltdown, those side channels allow to leak data from the microarchitecture to the observable architectural state. The vast majority of attacks currently build on the cache-timing side channel, since it is easy to exploit and provides a reliable, fine-grained communication channel. Therefore, many proposals for side-channel secure cache architectures have been made. However, caches are not the only source of side-channel leakage in modern processors and mitigating the cache side channel will inevitably lead to attacks exploiting other side channels. In this work, we focus on defeating side-channel attacks based on page translations.It has been shown that the Translation Lookaside Buffer (TLB) can be exploited in a very similar fashion to caches. Since the main caches and the TLB share many features in their architectural design, the question arises whether existing countermeasures against cache-timing attacks can be used to secure the TLB. We analyze state-ofthe-art proposals for side-channel secure cache architectures and investigate their applicability to TLB side channels. We find that those cache countermeasures are notdirectly applicable to TLBs, and propose TLBcoat, a new side-channel secure TLB architecture. We provide evidence of TLB side-channel leakage on RISC-V-based Linux systems, and demonstrate that TLBcoat prevents this leakage. We implement TLBcoat using the gem5 simulator and evaluate its performance using the PARSEC benchmark suite.
BibTeX
@article{tches-2022-32679,
  title={Risky Translations: Securing TLBs against Timing Side Channels},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2023, Issue 1},
  pages={1-31},
  url={https://tches.iacr.org/index.php/TCHES/article/view/9945},
  doi={10.46586/tches.v2023.i1.1-31},
  author={Florian Stolz and Jan Philipp Thoma and Pascal Sasdrich and Tim Güneysu},
  year=2022
}